package com.jml.XSS攻击;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.lang3.StringEscapeUtils;

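/**
 * Request wrapper that HTML-escapes the value returned by
 * {@link #getParameter(String)} before handing it to application code.
 *
 * <p>Coverage is limited to {@code getParameter}. This class does not override
 * {@code getParameterValues}, {@code getParameterMap}, {@code getHeader},
 * {@code getQueryString} or the request body readers, so code (or a binding
 * framework) that reads input through those methods still receives the raw,
 * unescaped value.
 *
 * <p>{@code escapeHtml4} targets HTML text content; it does not escape the
 * single quote and is not an encoder for JavaScript, URL or CSS contexts.
 * Treat this wrapper as defence in depth and keep context-aware encoding at
 * the point where the value is written to the response.
 */
public class XssHttpServerRequest extends HttpServletRequestWrapper {

	/**
	 * Wraps the given request.
	 *
	 * @param request the request whose parameters are to be escaped
	 */
	public XssHttpServerRequest(HttpServletRequest request) {
		super(request);
	}

	/**
	 * Returns the named parameter with HTML special characters escaped.
	 *
	 * @param name the parameter name
	 * @return the escaped value, or the unchanged {@code null} / empty string
	 *         when the parameter is absent or empty
	 */
	@Override
	public String getParameter(String name) {
		// Delegate through the wrapper so a later setRequest() is honoured,
		// instead of reading from a separately cached request reference.
		String value = super.getParameter(name);

		// The guard belongs on the value, not the name: the previous check
		// (name != null || "".equals(name)) never looked at the value and its
		// second clause could not change the result.
		if (value == null || value.isEmpty()) {
			return value;
		}

		// Raw and escaped values are deliberately not printed: request
		// parameters can carry credentials or tokens, and echoing untrusted
		// input to stdout lets a client forge log lines.
		return StringEscapeUtils.escapeHtml4(value);
	}
}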
